7.5

CVE-2006-0019

Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KdeKde Version3.2
KdeKde Version3.2.0
KdeKde Version3.2.0_beta1
KdeKde Version3.2.1
KdeKde Version3.2.2
KdeKde Version3.2.3
KdeKde Version3.2.x
KdeKde Version3.3
KdeKde Version3.3.0
KdeKde Version3.3.1
KdeKde Version3.3.2
KdeKde Version3.3.x
KdeKde Version3.4
KdeKde Version3.4.0
KdeKde Version3.4.1
KdeKde Version3.4.2
KdeKde Version3.5.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.14% 0.926
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.securityfocus.com/archive/1/427976/100/0/threaded
ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.3-kdelibs-kjs.diff
Patch
http://secunia.com/advisories/18500
Patch
Vendor Advisory
http://secunia.com/advisories/18540
Vendor Advisory
http://secunia.com/advisories/18552
http://secunia.com/advisories/18559
http://secunia.com/advisories/18561
Vendor Advisory
http://secunia.com/advisories/18570
http://secunia.com/advisories/18583
http://secunia.com/advisories/18899
http://securityreason.com/securityalert/364
http://securitytracker.com/id?1015512
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.361107
http://www.debian.org/security/2006/dsa-948
Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200601-11.xml
http://www.kde.org/info/security/advisory-20060119-1.txt
Patch
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:019
http://www.osvdb.org/22659
http://www.redhat.com/support/errata/RHSA-2006-0184.html
Vendor Advisory
http://www.securityfocus.com/archive/1/422464/100/0/threaded
http://www.securityfocus.com/archive/1/422489/100/0/threaded
http://www.securityfocus.com/bid/16325
http://www.ubuntu.com/usn/usn-245-1
http://www.vupen.com/english/advisories/2006/0265
https://exchange.xforce.ibmcloud.com/vulnerabilities/24242
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11858